General

  • Target

    c381cff6e4fc31b8576d4a715e6f9428355d8e6b9c2a954392ffbffa0ddb034d

  • Size

    920KB

  • Sample

    221124-yct98sed78

  • MD5

    fb3317ab3c4188ece20ee84118bb70e8

  • SHA1

    9d346a6df9d77e35f5eaecf53a1ee9159ee3ba09

  • SHA256

    c381cff6e4fc31b8576d4a715e6f9428355d8e6b9c2a954392ffbffa0ddb034d

  • SHA512

    317b62aac96289fea12f7240fc51145aadbf22e54930d752168008b418d66872db42a4aa5e6b3c266c17ff6501746408477d7c14c6bf14762a13164752f0290c

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation